Wireless Security
Trigger Warning: this is the article where I got bored and said fuckit and started cussing about shit and using metaphors. Ok, so you've got WEP, which is Wired Equivalent Protocol, which was the old way of saying "oh shit the wireless network can totally be sniffed by anyone with a receiver! WTF do we do?" So some bright spark said, never fear, we'll just encrypt the shit out of it and all will be well! So they invented this standard with a *super* reassuring name, which ought to be a warning. It was saying "I am just as secure as wires on the ground that you actually have to touch to get a signal off of". IT's a bit of psychology. "I'm safe, see how safe I am? Tooooootally safe, I'm as good as Wired is, I'm WIRED EQUIVALENT." Except. It totally wasn't, right? It's key is just 40 or 104 bits, so they called them (real original) WEP 40 and WEP 104. It used RC4, the Rivest Cypher 4 (aka Ron's Code 4). It's a stream cypher which means that it doesn't encrypt things as chunks like little packages, but as streams. Like... streams. Anyways, every single digit in a stream gets treated like a special snowflake and encrypted separately, whereas in block cyphers they're divided up into little chunks and treated like cattle in a cattle car, or sardines in a tin. RC4 is symmetric, which means you use the same key to encrypt and decrypt, which might sound all insecure but really loads of things are symmetrical and that's no big deal as long as the keys are nice and big. (size matters, after all.) So one of the problems with WEP is that RC4, while hot shit for its time, ended up not being very secure at all. Like... back in the day having a lock on your front door was a Big Deal! Nobody had locks, locks were for cityfolks who couldn't trust anyone at all, country folk living in their little homes never had anything to lock up anyways, and thieves were totally getting flogged. But now we're like, yeah, no way, even folks in the hinterlands have locks. Which... is whay off topic. The RC4 has a list of attacks against it that's just long as anything though, like, once someone found one weakness a bunch of others just dogpiled on the poor thing and tore it to shreds. But it's still an option in a lot of places so. Just... never use it. (Skype uses it. Awesome. So does PDF, which is sad.) So, WEP is all busted and broke, it's Gilderoy Lockhart: shiny and flash, but spine of a slug. But we still need to encrypt all this wireless stuff, right? So the folks who decide such things analyzed the situation and came up with a battle plan called the IEEE 802.11i standard, which was supposed to be a plan for how to fix this teensy little flaw in their plan to make wifi secure. So along comes.... dum dum DUMMMMM.... WPA. Like, there's two of the same letters, seriously? HOW am I aupposed to remember the difference? So I figure WEP is pronounced whep, or whupp. And WPA is like WHIPPAAAHHH, the noise someone makes as they whip someone's ass. When WPA whips WEP's ass, mainly. So WPA is all out there trying. Wireless Access Points (WAP's - oh yeah, we're whapping the WAP's with WPA after WEP failed, yeah buddy, uh-huh...) WAP's are all getting firmware upgrades to get their WPA onboard. And where WEP used a 64 or 128 bit encryption key that never changed... like, everything was always the same key, forever, you could totally see patterns and stuff.... WPA uses a *different key for every single packet*. Every one. So, like, imagine if you were sending out lockboxes full of candy to kids, and every single lock on the lockboxes was the same. Some genius 4 year old figures this out, they get *all the candy*. You better not do that. So instead you use a different lock and keyset for every candy box.... yeah, that's a little better, right? So all that is called TKIP, Temporal Key Integrity Protocol, which means "making sure the fucking key isn't the same damn key every time thanks so much." But get this: it's still the same *type* of lock and key that everyone can crack. It's harder to crack anything useful because there's so many of them, but it's still RC4, right? So, it's a great stopgap, adding more locks... but the locks are still shitty locks. In comes Junior: WPA2. WPA2 has a brand new lock! It can use CCMP instead of RC4. CCMP is CTR Mode with CBC-MAC Protocol which is a fuckton of acronyms inside acronyms oh screw you computer people, this game sucks. It's like unpacking empty boxes that get smaller and smaller to find a single jelly bean is your present. Ugh. Anyways, CCMP is based on AES with some other shit thrown in, it's got better message authenticity and integrity checking and shit. (AES means Advanced Encryption Protocol. If naming conventions are anything to go by, in a few years it won't be very advanced at all, but that's life.) So, you've got WPA senior and WPA junior, and they come in three flavors: WPA-Personal. This is, like the weakest, and it's the one you have at home. You enter a password and it lets you use the wifi, right? You've got WPA-Personal. AKA WPA-PSK, pre-shared key, where the "key" is the password someone printed out and stuck on a sign by the register. WPA-Enterprise is more complicated: you need not just a wifi router but a RADIUS server to talk to a network access server (NAS). RADIUS is just a fancy way of authenticating that's encrypted using a shared secret and the MD5 hash. (MD5 is actually pretty weak so other protection should be used too.) Then you've got Wifi Protected Setup, WPS, because OH SHIT WE NEEDED ANOTHER "W" ACRONYM WE HAVEN'T USED THEM ALL YET. But you can totally ignore it because someone put it out there but it's got a big giant security hole. Thanks, acronym abuser, we needed to remember another dang broken piece of the puzzle. So. Anyways. On to extensions. Like, hair extensions? No. Like, penis extensions? Ahem, no. Those are much more interesting, sorry. Boring extensions. Protocol extensions. EAP. Not the sound you make when you see a spider, no. EAP is the extensible Authentication Protocol and you can totally stick it onto WPA and WPA2 like a fake mustache. It comes in all sorts of different mustache styles: LEAP is lightweight, EAP-TLS is all about using Transport Layer Security, EAP-MD5 uses that thing we said above was pretty weak so... yeah, EAP-POTP uses Protected One Time Password like RSA tokens to generate keys.... yeah, loads of EAPs out there. So you get the idea, right? This is your lesson on Wireless Security. Also, try and keep your fucking signal strength down to a minimum to ocver your area, because 1) you're TAKING UP SPACE OTHER PEOPLE COULD USE and 2) it makes it stupid easy for other folks to sniff your network from a distance. Don't be wirelessly bandwidth wasteful. WBW.... hey, I came up with a W accronym all by myself! Wheeee! This is totally fun! Not.